Hello list,
Anyone have good advice on the <subject>?
I currently have SiteA and SiteB with two OpenBSD machines on each end in
active-active setup.
I also have OSPF on top of gif (on top of IPsec) from each node and a crossover
between nodes.
fw1.siteA <----gif---> fw1.siteB
fw2.siteA <----gif---> fw2.siteB
fw1.siteA <----crossover--->fw2.siteA.
I occasionally experience "breakdowns" on site-to-site links. It looks like
ospfd stops talking on gif, but gifs are up and I'm able to ping each peer.
ipsecctl shows that tunnels are up and I can confirm this via tcpdump. "pass on
enc0 keep state (if-bound)" should not let unencrypted traffic escape anyway.
My goal with this setup is to have redundancy and let OSPF decide the routing
path.
So the priority is not set in ospfd.conf.
area 0.0.0.0 {
        # siteA-siteB
        interface gif0 { metric 10 }
        # crossover
        interface trunk0 { metric 5 }
        # LAN
        interface carp1 { passive }
        # ANYCAST
        interface lo1 { metric 5 }
}
pfsync0: flags=41<UP,RUNNING> mtu 1500
        priority: 0
        pfsync: syncdev: trunk0 maxupd: 128 defer: on
        groups: carp pfsync
//mxb
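One way to catch the "ospfd stops talking on gif while the tunnel is still up" condition described in the post is to watch the adjacency table rather than the tunnel: the following is an added example (not from the poster or OpenBSD), a POSIX sh/awk check that takes `ospfctl show neighbor` output on stdin and reports each expected interface whose neighbor is missing or not FULL. The interface names gif0 and trunk0 come from the posted ospfd.conf; the neighbor IDs and addresses in the sample table are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.
# check_ospf_adj IFACE... : read `ospfctl show neighbor` output on stdin and
# print "IFACE STATE" for every listed interface that has no neighbor (MISSING)
# or whose neighbor is in a state other than FULL. Exit status 1 if any found,
# so it can drive a cron alert or a monitoring check.
check_ospf_adj() {
    awk -v want="$*" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) seen[w[i]] = "MISSING"
        }
        $1 == "ID" { next }                 # header: ID Pri State DeadTime Address Iface Uptime
        NF >= 6 {
            iface = $6; state = $3
            sub(/\/.*/, "", state)          # FULL/DR -> FULL, INIT/OTHER -> INIT
            if (iface in seen) {
                if (state != "FULL") seen[iface] = state      # a bad neighbor wins
                else if (seen[iface] == "MISSING") seen[iface] = "FULL"
            }
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++)
                if (seen[w[i]] != "FULL") { print w[i], seen[w[i]]; bad = 1 }
            exit bad
        }'
}

# Constructed sample of `ospfctl show neighbor` output during a breakdown:
# the crossover adjacency is healthy, the site-to-site one is stuck in INIT
# (hypothetical router IDs and addresses).
sample_neighbor_table() {
    cat <<'EOF'
ID              Pri State        DeadTime Address         Iface     Uptime
10.1.1.2        1   FULL/DR      00:00:36 10.1.1.2        trunk0    02:10:15
10.2.2.2        1   INIT/OTHER   00:00:09 10.2.2.2        gif0      00:00:00
EOF
}
```

On a live box the call is `ospfctl show neighbor | check_ospf_adj gif0 trunk0`; with the sample above it prints `gif0 INIT` and exits 1.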